What Are CMS Regulations for Hospitals and How To Stay Compliant

Centers for Medicare & Medicaid Services (CMS) regulations for hospitals and other healthcare organizations define the federal requirements providers must follow to receive Medicare and Medicaid reimbursement. These rules govern patient safety, billing accuracy, infection control, privacy, and electronic health records (EHRs). Conditions of Participation (CoPs) are the specific health and safety standards organizations must maintain. Hospitals also closely monitor regulations related to ...

Business Continuity Plan Examples from the Front Lines

What are the biggest risks companies are facing right now worldwide? They are cyber incidents, operational disruptions, and climate-driven disasters. None are surprises. As organizations push forward with digital transformation and global expansion, they’re continually finding themselves more exposed. The systems they rely on are, in the meantime, becoming more complex. And they need to be. The stakes are higher. Business continuity is now about ...

May 12th, 2025 | Governance, Risk & Compliance: GRC

PowerSchool Data Breach: Lessons for GRC Leaders about the Newest Third-Party Risks

The PowerSchool data breach has become a defining example of third-party risk failure in education and EdTech. It’s a harsh wake-up call for ethics and Governance, Risk, and Compliance (GRC) teams. What Caused This Data Breach? On December 28, 2024, PowerSchool confirmed a compromised credential had been used to access its PowerSource customer portal, a system that supports school staff across 17,000 districts and serves over 55 ...

A Quick Look at CPS 230 APRA: What Australia’s Standard Means for Financial Institutions

The CPS 230 APRA standard represents one of the most significant shifts in how Australian financial institutions manage operational risk. Introduced by the Australian Prudential Regulation Authority (APRA), CPS 230 is designed to strengthen resilience by improving oversight, risk visibility, and accountability across critical operations. This standard moves beyond reactive risk management. It encourages a culture of preparedness and clarity. And it ensures organizations are compliant ...

May 7th, 2025 | Compliance, Governance, Risk & Compliance: GRC

What Every Organization Needs in a Conflict of Interest Statement for Board Members

A clear, well-communicated conflict of interest statement for board members is essential to maintaining board integrity and protecting the organization. When directors hold outside interests, whether financial, advisory, or otherwise, disclosure isn’t optional. It’s a baseline expectation that allows boards to make informed decisions and avoid reputational or regulatory fallout. A conflict of interest can take many forms. It could arise, for example, when hiring ...

May 6th, 2025 | Ethics & Compliance Learning

Understanding DOJ Guidance: What’s the Impact on Corporate Compliance Programs?

The U.S. Department of Justice (DOJ) has long emphasized the importance of effective corporate compliance programs. While enforcement priorities may shift over time, the core expectations outlined in DOJ guidance remain consistent: programs must be well-designed, applied in good faith, and actually work in practice. What does that look like in real terms? First, programs must reflect the unique risks of the organization. There’s no ...

May 6th, 2025 | Compliance, Governance, Risk & Compliance: GRC

What’s the Difference Between Enterprise Risk and Business Impact?

Enterprise risk assessments (ERA) and business impact assessments (BIA) are the heart of operational resilience. Both are foundational to managing risk. Each plays a distinct role in helping companies navigate uncertainty. But they are not interchangeable. What’s the difference? ERA is about prevention. BIA is about recovery. What is an Enterprise Risk Assessment? An ERA takes a wide-angle lens to risk. It’s designed to identify and prioritize ...

May 6th, 2025 | Business Resilience, Governance, Risk & Compliance: GRC

Regulatory Horizon Scanning: Why It Belongs in Your Risk Toolkit

Regulatory change continues to challenge organizations worldwide. From the EU’s Digital Services Act and Cyber Resilience Act to the U.S. Corporate Transparency Act, businesses must pay continuous, close attention to local and global regulation. With escalating ESG disclosure mandates, expanding AI governance requirements, and a surge in enforcement actions, the volume of new requirements, and the speed at which they arrive, is forcing companies to rethink how ...

April 22nd, 2025 | Governance, Risk & Compliance: GRC, Regulatory Change

Turning Early Detection into a Strategic Business Advantage

Horizon Scanning, integrated within the SAI360 platform, leverages recent advances in AI to identify emerging risks stemming from micro and macro global events. Capturing external intelligence ranging from competitor missteps and new regulations to shifts in public sentiment, Risk Radar can identify patterns and interpret threat levels according to an individual organization’s unique framework. This results in a number of competitive advantages. Below, we ...

April 16th, 2025 | Governance, Risk & Compliance: GRC

How to Create an Effective Compliance Program

Ask five organizations what makes an effective compliance program, and you’ll likely get five different answers. But ask a regulator, and the picture gets a lot clearer. Regulators are not looking for perfect documentation, flashy training modules, or one-size-fits-all policies. What they’re looking for is evidence: evidence that your compliance program is real, rooted in risk, and taken seriously across the business. Can you walk the ...

April 16th, 2025 | Compliance, Governance, Risk & Compliance: GRC